Cannot get http -> https redirect to work properly

Raijin · December 10, 2019, 2:36am

I swear I have tried every conceivable configuration from the docs and github. All I want is a simple redirect so http requests to my service get automatically turned into https. This was working fine in v1, but of course it's broken for v2.

There a apparently a million ways to do this, because no two examples I've seen are the same, and none of them worked for me. Maybe i'm missing something.

At first http requests would result in a 404 error, but after some tinkering the http requests go through, but they are not redirected.

Here are the relevant configs in my docker-compose.yaml:

   traefik:
      image: "traefik:v2.0.2"
      container_name: "traefik"
      command:
         - "--log.level=DEBUG"
         - "--api.insecure=true"
         - "--providers.docker=true"
         - "--providers.docker.exposedbydefault=false"
         - "--entrypoints.web.address=:80"
         - "--entrypoints.websecure.address=:443"
         - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
         #- "--certificatesresolvers.mytlschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
         - "--certificatesresolvers.mytlschallenge.acme.email=me@myemail.com"
         - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
      ports:
         - "80:80"
         - "8081:8081"
         - "443:443"
      volumes:
         - "/var/run/docker.sock:/var/run/docker.sock:ro"
         - "$HOME/Data/Programs/Docker/TraefikV2/letsencrypt:/letsencrypt"
         #- "./traefik.toml:/traefik.toml"
      networks:
         - traefik
      restart: unless-stopped
      labels:
         # Global redirection: http to https
         #- "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:(www\\.)?.+}`)"
         #- "traefik.http.routers.http-catchall.entrypoints=web"
         #- "traefik.http.routers.http-catchall.middlewares=wwwtohttps"

         # Global redirection: https (www.) to https
         #- "traefik.http.routers.wwwsecure-catchall.rule=HostRegexp(`{host:(www\\.).+}`)"
         #- "traefik.http.routers.wwwsecure-catchall.entrypoints=websecure"
         #- "traefik.http.routers.wwwsecure-catchall.tls=true"
         #- "traefik.http.routers.wwwsecure-catchall.middlewares=wwwtohttps"

         # middleware: http(s)://(www.) to  https://
         #- "traefik.http.middlewares.wwwtohttps.redirectregex.regex=^https?://(?:www\\.)?(.+)"
         #- "traefik.http.middlewares.wwwtohttps.redirectregex.replacement=https://$${1}"
         #- "traefik.http.middlewares.wwwtohttps.redirectregex.permanent=true"
         #
         - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
         - "traefik.http.routers.http-catchall.entrypoints=web"
         - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
         - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

   jellyfin:
      image: linuxserver/jellyfin
      container_name: jellyfin
      environment:
         - PUID=1000
         - PGID=1000
         - TZ=America/Los_Angeles
      volumes:
         - /home/me/Data/Programs/Docker/Jellyfin/ProgramData/:/config
         - /home/me/Data/Media/TV/:/data/tvshows
         - /home/me/Data/Media/Movies/:/data/movies
         - /home/me/Data/Media/Music/:/data/music
         - /home/me/Data/Media/Books/:/data/books
      ports:
         - 8096:8096
      labels:
         - "traefik.enable=true"
         - "traefik.http.routers.jellyfin.rule=Host(`www.jellyfin.mydomain.com`)"
         - "traefik.http.routers.jellyfin.entrypoints=websecure"
         - "traefik.http.routers.jellyfin.tls.certresolver=mytlschallenge"
         - "traefik.http.middlewares.jellyfin.redirectscheme.scheme=https"
           ###
           #- "traefik.http.middlewares.jellyfin-redirect-websecure.redirectscheme.scheme=https"
         - "traefik.http.routers.jellyfin-http.rule=Host(`www.jellyfin.mydomain.com`) || Host(`www.jellyfin.mydomain.com)"
         - "traefik.http.routers.jellyfin-http.entrypoints=http"
         - "traefik.http.routers.jellyfin-https.rule=Host(`www.jellyfin.mydomain.com`) || Host(`www.jellyfin.mydomain.com`)"
         - "traefik.http.routers.jellyfin-http.entrypoints=https"
         - "traefik.http.routers.jellyfin-http.middlewares=jellyfin-redirect"
         - "traefik.http.middlewares.jellyfin-redirect.redirectscheme.scheme=https"
      networks:
         - traefik
      restart: unless-stopped

Everything that's commented out are things I have tried unsucsessfully. I don't know if I need a combination of these labels or what, but nothing I try has worked.

Another post I saw on this topic got answered with this link Global http to https redirect in v2

but I was not able to find a working solution there

ldez · December 10, 2019, 8:52am

Hello,

you can try something like that:

version: '3.7'

services:
  traefik:
    image: "traefik:v2.0.7"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      #- "--certificatesresolvers.mytlschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.mytlschallenge.acme.email=me@myemail.com"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "8081:8081"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "$HOME/Data/Programs/Docker/TraefikV2/letsencrypt:/letsencrypt"
      #- "./traefik.toml:/traefik.toml"
    networks:
      - traefik
    restart: unless-stopped
    labels:
      traefik.http.routers.http-catchall.rule: hostregexp(`{host:.+}`)
      traefik.http.routers.http-catchall.entrypoints: web
      traefik.http.routers.http-catchall.middlewares: redirect-to-https@docker
      traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https

    jellyfin:
      image: linuxserver/jellyfin
      container_name: jellyfin
      environment:
         - PUID=1000
         - PGID=1000
         - TZ=America/Los_Angeles
      volumes:
         - /home/me/Data/Programs/Docker/Jellyfin/ProgramData/:/config
         - /home/me/Data/Media/TV/:/data/tvshows
         - /home/me/Data/Media/Movies/:/data/movies
         - /home/me/Data/Media/Music/:/data/music
         - /home/me/Data/Media/Books/:/data/books
      ports:
         - 8096:8096
      labels:
         traefik.enable: true

         traefik.http.routers.jellyfin.rule: Host(`www.jellyfin.mydomain.com`) || Host(`www.jellyfin.mydomain.com`)
         traefik.http.routers.jellyfin.entrypoints: https
         traefik.http.routers.jellyfin.tls.certresolver: mytlschallenge
      networks:
         - traefik
      restart: unless-stopped

Recommend read:

Raijin · December 12, 2019, 6:43pm

Interesting... Now I get an https redirect, but it redirects to a 404...

Raijin · December 12, 2019, 7:36pm

I tried both the config you gave here, and the one in the link you sent. I've got ever combination of scenarios: 404s on both http and https, one or the other working, http redirecting to a https 404 page, http just connecting with no SSL, etc.

Your config verbatim gave me 404s on all attempts. I followed the link you sent me and got something like this


   traefik:
      image: "traefik:v2.0.2"
      container_name: "traefik"
      command:
         - "--log.level=DEBUG"
         - "--api.insecure=true"
         - "--providers.docker=true"
         - "--providers.docker.exposedbydefault=false"
         - "--entrypoints.web.address=:80"
         - "--entrypoints.websecure.address=:443"
         - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
         - "--certificatesresolvers.mytlschallenge.acme.email=me@myemail.com"
         - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
      ports:
         - "80:80"
         - "8081:8081"
         - "443:443"
      volumes:
         - "/var/run/docker.sock:/var/run/docker.sock:ro"
         - "$HOME/Data/Programs/Docker/TraefikV2/letsencrypt:/letsencrypt"
         #- "./traefik.toml:/traefik.toml"
      networks:
         - traefik
      restart: unless-stopped
      labels:
         traefik.http.routers.http-catchall.rule: hostregexp(`{host:.+}`)
         traefik.http.routers.http-catchall.entrypoints: web
         traefik.http.routers.http-catchall.middlewares: redirect-to-https@docker
         traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https

   jellyfin:
      image: linuxserver/jellyfin
      container_name: jellyfin
      environment:
         - PUID=1000
         - PGID=1000
         - TZ=America/Los_Angeles
      volumes:
         - /home/me/Data/Programs/Docker/Jellyfin/ProgramData/:/config
         - /home/me/Data/Media/TV/:/data/tvshows
         - /home/me/Data/Media/Movies/:/data/movies
         - /home/me/Data/Media/Music/:/data/music
         - /home/me/Data/Media/Books/:/data/books
      ports:
         - 8096:8096
      labels:
         - "traefik.enable=true"
         - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.mydomain.com`)"
         - "traefik.http.routers.jellyfin.entrypoints=websecure"
         - "traefik.http.routers.jellyfin.tls.certresolver=mytlschallenge"
         - "traefik.http.middlewares.jellyfin.redirectscheme.scheme=https"
           ###
         - "traefik.http.middlewares.jellyfin-redirect-websecure.redirectscheme.scheme=https"
         - "traefik.http.routers.jellyfin-http.rule=Host(`jellyfin.mydomain.com`) || Host(`www.jellyfin.mydomain.com`)"
          #- "traefik.http.routers.jellyfin-http.entrypoints=http"
         - "traefik.http.routers.jellyfin-https.rule=Host(`jellyfin.mydomain.com`) || Host(`www.jellyfin.mydomain.com`)"
         - "traefik.http.routers.jellyfin-http.entrypoints=https"
         - "traefik.http.routers.jellyfin-http.middlewares=jellyfin-redirect"
         - "traefik.http.middlewares.jellyfin-redirect.redirectscheme.scheme=https"

This currently resolves requests as follows:

jellyfin.mydomain.com -> https://jellyfin.mydomain.com
https://jellyfin.mydomain.com -> https://jellyfin.mydomain.com
http://jellyfin.mydomain.com -> http://jellyfin.mydomain.com

So as before I had the http version giving a 404, now it just allows the user to connect insecurely I know there's probably a ton of redundant crap in this config but tbh traefik configs look like absolute gibberish to me and it's likely a single word in a single line that is causing stuff to fail.

I also tried the Traefik labels for a global redirect on the Docker 101 link you sent, and I managed to get http -> https, except all pages were 404s... I know it's so close to working too

Topic		Replies	Views
Redirect scheme (http to https) not working Traefik v2 middleware	6	4343	October 10, 2022
Redirect to https not working Traefik v2 docker , letsencrypt-acme , middleware	3	2116	December 6, 2019
Http to https redirect with v2. ends in 404 for http Traefik v2 docker	10	5720	June 1, 2020
Cannot get global http to https redirection to work Traefik v2 docker , letsencrypt-acme , middleware	4	674	June 2, 2023
Http to https redirect - Again Traefik v2 docker	10	1725	February 24, 2020

Cannot get http -> https redirect to work properly

Related topics